Commits · b213966415c35bafba6876127eecc9157077f81e · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Sep 28, 2006

Introduce limits to prevent malicious keys being able to · b2139664

Mark J. Cox authored Sep 28, 2006

cause a denial of service.  (CVE-2006-2940)
[Steve Henson, Bodo Moeller]

Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service.  (CVE-2006-2937)  [Steve Henson]

Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]

Fix SSL client code which could crash if connecting to a
malicious SSLv2 server.  (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]

b2139664

Sep 22, 2006
- Fix from HEAD. · 8db3f4ac
  Dr. Stephen Henson authored Sep 22, 2006
  
  8db3f4ac
- Fix from head. · 4ebd255a
  Dr. Stephen Henson authored Sep 22, 2006
  
  4ebd255a
Sep 19, 2006
- Ensure that the addition mods[i]+delta cannot overflow in probable_prime(). · d9d29446
  Bodo Möller authored Sep 19, 2006
```
[Problem pointed out by Adam Young <adamy (at) acm.org>]
```
  d9d29446
Sep 12, 2006
- Backport from HEAD: fix ciphersuite selection · ea43804b
  Bodo Möller authored Sep 12, 2006
  
  ea43804b
Sep 06, 2006
- make consistent with 0.9.8-branch version of this file · c2293d2e
  Bodo Möller authored Sep 06, 2006
  
  c2293d2e
Sep 05, 2006
- Don't forget to put back the -dev · e8723988
  Mark J. Cox authored Sep 05, 2006
  
  e8723988
- Bump for 0.9.7l-dev · 60bee5d4
  Mark J. Cox authored Sep 05, 2006
  
  60bee5d4
- Prepare 0.9.7k release · 975a7a48
  Mark J. Cox authored Sep 05, 2006
  
  OpenSSL_0_9_7k
  
  975a7a48
- Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher · ffa04072
  Mark J. Cox authored Sep 05, 2006
```
(CVE-2006-4339)  [Ben Laurie and Google Security Team]

Submitted by: Ben Laurie, Google Security Team
Reviewed by: bmoeller, mjc, shenson
```
  ffa04072
Aug 31, 2006
- Update from HEAD. · 6f414aef
  Dr. Stephen Henson authored Aug 31, 2006
  
  6f414aef
Jul 13, 2006
- Fix from HEAD. Except we can't stream multipart/signed in 0.9.7 so that case · 45e33ebe
  Dr. Stephen Henson authored Jul 13, 2006
```
still rewinds the stream.
```
  45e33ebe
Jul 09, 2006
- Fix from HEAD. · 0f562e2a
  Dr. Stephen Henson authored Jul 09, 2006
  
  0f562e2a
Jun 30, 2006
- documentation for "HIGH" vs. "MEDIUM" was not up-to-date · ae268485
  Bodo Möller authored Jun 30, 2006
  
  ae268485
- use <poll.h> as by Single Unix Specification · feee55c6
  Bodo Möller authored Jun 30, 2006
  
  feee55c6
Jun 28, 2006
- always read if we can't use select because of a too large FD · 81edd235
  Bodo Möller authored Jun 28, 2006
```
(it's non-blocking mode anyway)
```
  81edd235
- Mitigate the hazard of cache-collision timing attack on last round · 23c13189
  Andy Polyakov authored Jun 28, 2006
```
[from HEAD].
```
  23c13189
Jun 27, 2006
- Use poll() when possible to gather Unix randomness entropy · bdd00f8c
  Richard Levitte authored Jun 27, 2006
  
  bdd00f8c
Jun 23, 2006
- Be more explicit about requirements for multi-threading. · 30c99d45
  Bodo Möller authored Jun 23, 2006
  
  30c99d45
Jun 21, 2006
- Synchronise with the Unix build · e4a901b0
  Richard Levitte authored Jun 21, 2006
  
  e4a901b0
Jun 20, 2006
- Place hex_to_string and string_to_hex in separate source file to avoid · e25a2423
  Dr. Stephen Henson authored Jun 20, 2006
```
dragging in extra dependencies when just these functions are used.
```
  e25a2423
Jun 16, 2006
- Thread-safety fixes · 094c6aa5
  Bodo Möller authored Jun 16, 2006
  
  094c6aa5
Jun 14, 2006
- Disable invalid ciphersuites · c098e8b6
  Bodo Möller authored Jun 14, 2006
  
  c098e8b6
- Thread-safety fixes · 019a63f9
  Bodo Möller authored Jun 14, 2006
  
  019a63f9
May 17, 2006
- Fix from head. · 6651ac38
  Dr. Stephen Henson authored May 17, 2006
  
  6651ac38
- Fix from HEAD. · 0be0592e
  Dr. Stephen Henson authored May 17, 2006
  
  0be0592e
May 04, 2006
- Update for next dev version. · a6fb8a82
  Dr. Stephen Henson authored May 04, 2006
  
  a6fb8a82
- Prepare for release · d26d2361
  Dr. Stephen Henson authored May 04, 2006
  
  OpenSSL_0_9_7j
  
  d26d2361
- make update · 3dcd6cf0
  Dr. Stephen Henson authored May 04, 2006
  
  3dcd6cf0
- Use new fips-1.0 directory in error library. · daaca57e
  Dr. Stephen Henson authored May 04, 2006
  
  daaca57e
- Update CHANGES. · 309d74c8
  Dr. Stephen Henson authored May 04, 2006
  
  309d74c8
Apr 24, 2006
- Add new --with-baseaddr command line option to allow the FIPS base address of · 234f2f67
  Dr. Stephen Henson authored Apr 24, 2006
```
libeay32.dll to be explicitly specified.
```
  234f2f67
Apr 15, 2006
- Check pbe2->keyfunc->parameter is not NULL before dereferencing. · d4e81773
  Dr. Stephen Henson authored Apr 15, 2006
```
PR: 1316
```
  d4e81773
Apr 07, 2006
- Typos. · d366bf79
  Dr. Stephen Henson authored Apr 07, 2006
  
  d366bf79
- Link _chkstk.o from FIPSLIB_D. · 6c9cd652
  Dr. Stephen Henson authored Apr 07, 2006
  
  6c9cd652
Apr 03, 2006
- Change chop to chomp when reading lines, so CRLF is properly processed on · dd4263d9
  Richard Levitte authored Apr 03, 2006
```
the operating systems where they are the normal line endings
```
  dd4263d9
Mar 31, 2006
- Check flag before calling FIPS_dsa_check(). · f4e43726
  Dr. Stephen Henson authored Mar 31, 2006
  
  f4e43726
- Flag to allow use of DSA_METHOD in FIPS mode. · 6fa6e3e2
  Dr. Stephen Henson authored Mar 31, 2006
  
  6fa6e3e2
Mar 28, 2006
- Update build system to make use of validated module in FIPS mode. · fcdf1d3f
  Dr. Stephen Henson authored Mar 28, 2006
  
  fcdf1d3f
Mar 14, 2006
- apply fixes from the cvs head · e0fe7abe
  Nils Larsch authored Mar 14, 2006
  
  e0fe7abe